I was interested to see what TCP manipulation you were referring to, so I read into the abstract a little. I've never fully dug into the details of how nmap works, but it seems nmap and zmap use nearly identical techniques: sending out packets using a raw socket, which bypasses the kernel, then libpcap to capture results. The novelty here is that zmap is written specifically to "scan the internet" while nmap is more of a multi-purpose utility and just isn't as efficient at this particular function. Additionally, zmap seems to bypass the kernel even when performing a SYN scan, which nmap does not do (there might be an option - I'm not a guru).
So to answer your question, because the abstract specifically mentions zmap uses a SYN scan, these probes can't really be blocked if you're running a legitimate service on the port being probed. If you were to use zmap with some other scan that takes advantage of the protocol (e.g. FIN scan), any iptables firewall is probably already blocking it.
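Added example, not part of the original post: a toy model of a stateful packet filter (a simplification, not real iptables or conntrack code) showing why a SYN probe to a served port gets the same verdict as a genuine client, while a FIN with no prior handshake is dropped. The addresses, ports, class and function names are constructed for illustration.

```python
from dataclasses import dataclass

SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04   # TCP flag bits
SERVICE_PORTS = {443}   # assumption: one legitimate public service


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dport: int
    flags: int


class StatefulFilter:
    """Accept new SYNs to served ports and packets of tracked flows; drop the rest."""

    def __init__(self, service_ports):
        self.service_ports = set(service_ports)
        self.flows = set()   # (src, sport, dport) of flows opened by a SYN

    def verdict(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dport)
        if key in self.flows:
            if pkt.flags & (FIN | RST):
                self.flows.discard(key)   # flow is closing, stop tracking it
            return "ACCEPT (ESTABLISHED)"
        if pkt.flags == SYN:
            if pkt.dport in self.service_ports:
                self.flows.add(key)       # looks exactly like a real client
                return "ACCEPT (NEW)"
            return "DROP (port not served)"
        return "DROP (INVALID: no tracked flow)"


def classify(packets, service_ports=SERVICE_PORTS):
    fw = StatefulFilter(service_ports)
    return [fw.verdict(p) for p in packets]


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("198.51.100.7", 40001, 443, SYN),  # genuine client opening a connection
    Packet("203.0.113.9", 50000, 443, SYN),   # scanner SYN probe: identical on the wire
    Packet("203.0.113.9", 50001, 443, FIN),   # FIN probe with no handshake behind it
    Packet("198.51.100.7", 40001, 443, ACK),  # genuine client continuing its flow
    Packet("203.0.113.9", 50002, 22, SYN),    # SYN to a port with no public service
]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLE, classify(SAMPLE)):
        print(pkt, "->", result)
```

The first two verdicts are identical because nothing in a lone SYN separates a scanner from a client; only later behaviour (no completed handshake, many destinations) does.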